Transcription

1 I. Purpose Department of Homeland Security DHS Directives System Directive Number: Revision Number: 00 Issue Date: 08/12/2009 SPECIAL ACCESS PROGRAM MANAGEMENT This Directive establishes the Department of Homeland Security (DHS) policy for the management and administration of DHS Special Access Programs (SAPs). It It establishes the DHS Special Access Program Oversight Committee (SAPOC), and the Special Access Program Control Office Ofice (SAPCO) in order to accomplish planning, organizing, directing and overseeing both DHS originated SAPs and the Department's participation in non-dhs SAPS. It also outlines the specific responsibilities which DHS must accomplish to comply with Executive Order (E.O.) 12958, as amended. II. 11. Scope A. This Directive applies throughout DHS to DHS personnel who require access to DHS SAPs, or who participate in non-dhs SAPs. B. DHS Management Directive 10150, "Research, Development, Testing and Evaluation Special Access Programs," is hereby canceled. III Authorities A. Executive Order 12958, as amended, "Classified National Security Information," April 17, 1995 B. Executive Order 13292, "Further Amendment to Executive Order 12958, as amended, Classified National Security Information," March 25, 2003 C. Executive Order 12968, as amended, "Access to Classified Ciassified Information," August 2,1995 D. Executive Order 12829, as amended, "National Industrial Security Program," January 6, 1993 E... Title 6, Code of Federal Regulations, 7.10, "Authority of the Chief Security Officer, Office of Security" F. Memorandum from the Assistant to the President for National Security Directive# #

2 Affairs to The Secretary of Homeland Security, "Special Access Programs," January 17, 2005 G. Information Security Oversight Office (lsoo), "Classified National Security Information Directive No.1," September 22,2003. IV. Definitions A. Non-DHS SAPs: Are those SAPs either established by, under the cognizance of, or administered by other federal agencies or departments. This definition includes foreign government Special Access Programs. 8. Participation or Significant Activity. An activity beyond a simple. awareness of the existence of a SAP (e.g., committing DHS resources in either personnel or funds). C. Senior Agency Official (SAO): The official designated by the agency head under section 5.4(d) of E.O , to direct and administer the agency's program under which information is classified, safeguarded, and declassified. The Senior Agency Official is specifically responsible for the oversight of DHS participation in special access programs authorized under E.O , The Senior Agency Official for DHS is the Chief Security Officer (CSO), D. Special Acc8 Program (SAPl: Is a program established for a specific class of classified information that imposes safeguarding, need-to-know, and access requirements in excess of those normally required for information at the same classification level. V. Responsibilities A. The Deputy Secretary: 1. Serves as the Chairman of the Special Access Program Oversight Committee (SAPOC) and renders all final decisions for the establishment or disposition of atl SAPs within the Department. 2. Approves the release of SAP information outside the Department, after coordination with the SAPOC and the SAPeO. 3. Approves a Component head, when properly cleared and briefed, to serve as an ad hoc member of the SAPOC, Substitutions are not below the Component head's principal deputy. and are approved in advance by the Deputy Secretary. - 2

3 B. The Chief Security Officer, in the designated role as the SAO for DHS, oversees DHS SAPs and DHS participation in non-dhs SAPs. C. The Special Access Program Oversight Committee (SAPOC): 1. Makes recommendations as to the approval, conduct, and disposition of all SAPs within the Department. 2. Consists of the Deputy Secretary (Chair), the General Counsel. the Under Secretary for Management, the Under Secretary for Intelligence and Analysis, the CSO, the Chief of the SAPCO (Executive Secretary) and the Under Secretary or equivalent official from the Component proposing the SAP (ad hoc member). 3. Reviews all DHS SAP activities annually, via the annual report, and validates the continuing need or discontinuation for each SAP and the Department's involvement with and commitment to non-dhs SAPs. D. Component heads: designate a single point of contact within the Component for all matters relating to SAPs, and work with procurement officials to ensure all contracts contain appropriate language to require compliance with the applicable provisions of this Directive when the contractor needs access to SAPs. E. The DHS Inspector General (or other DHS officers with specific statutory oversight responsibilities) may conduct, in coordination with the SAPCO, investigations, audits or inspections of DHS Special Access Programs. Such investigations, audits or inspections are conducted using cadres of appropriately vetted DHS personnel who have proper security clearances and have been approved for SAP access. VI. Policy &Requirements A. The Secretary and the Deputy Secretary are responsible for all SAP activities within the Department and are the only officials within the Department authorized to approve the establishment or termination of DHS Special Access Programs, or the commitment of DHS resources to participate in a non-dhs SAP. - 3

4 B. General: 1. DHS establishes and maintains SAPs on a case-by-case basis and in cooperation with the Director of ISOO, only when the program does not involve intelligence sources and methods (as such programs fall under the cognizance of the Director of National Intelligence), and only when the SAP meets and is executed consistent with the requirements of Section 4.3. of E.O , as amended. 2. Minimum personnel security requirements for access to DHS SAPs are a final Top Secret clearance based on a personnel security investigation that is current within five years (in scope) and has been adjudicated to ICD-704 standards. Exceptions, waivers, deviations or the use of an interim security clearance for granting access to DHS SAPs is not authorized unless specifically approved by the Chief of the SAPCO. On a case-by-case basis, the SAPOC may approve additional personnel security requirements upon establishing a SAP. 3. The number of persons granted access to a SAP is strictly limited to the minimum necessary for the execution of the program. Granting access to a DHS SAP is based solely upon a determination that the individual has a valid need-to-know, has the requisite security clearance, meets approved personnel security requirements for access, and clearly and materially contributes to the execution or oversight of the program. Individuals are not granted SAP access based solely upon rank, position or title. 4. An individual with an existing DHS SAP access, granted without exception, condition or waiver, is considered eligible for access to another DHS SAP, of the same sensitivity level, as long as the individual has a validated need for access to the information involved. 5. All personnel having access to DHS SAPs are subject to a random Counterintelligence (CI}-scope polygraph examination. However, using a polygraph examination as a determinant for access is a condition specifically approved by the Secretary or the Deputy Secretary in conjunction with the establishment of the SAP. In such cases, the polygraph examination is consistently applied to all. candidates. CI-scope polygraph examinations are not used as the only basis for granting access to DHS SAPs. The polygraph may be used to obtain exculpatory information in those instances when a personnel security investigation can not be completed in a timely manner. 6. DHS personnel with legal, fiscal, investigative, operational or statutory oversight responsibilities for SAPs are deemed to have a needto-know for access. Following a favorable personnel security -4

5 determination, those personnel are granted effective and sufficient access to meet their functional responsibilities. This support is provided by cadres of specifically-dedicated and vetted DHS government personnel. C. Security Violations and Infractions: 1. Incidents involving the security, mishandling, compromise, or suspected compromise of SAP information are promptly reported to the SAPCO and thoroughly investigated within SAP security channels to determine the cause, assess and mitigate potential damage, and implement measures to prevent recurrence. 2. Actions, to include suspending or revoking an individual's access, may be imposed when an individual is found to be culpable for the commission of a security infraction or violation. D. Fraud. Waste. Abuse or Mismanagement (FWA): DHS employees, contractors, sub~contractors or consultants who suspect or have knowledge of fraud, waste, abuse or mismanagement involving DHS SAPs may report such to the DHS OIG Hotline at 1-800~ DHS OIG personnel are not routinely briefed into SAPs unless or until there is a functional reason to do so; therefore, special care must be exercised when making reports not to compromise SAP information (i.e., the inadvertent disclosure of SAP information). VII. Questions Address any questions or concerns regarding this Directive to the Office of the Chief Security Officer, attention: Chief, SpeCial Access Programs Control Office (SAPCO). Janet Napolitano ecretary of Homeland Security Date ~ 5

Management Advisory - The Transportation Security Administration's Failure to Address Two Recommendations to Improve the Efficiency and Effectiveness of Its Office of Inspection July 6, 2015 July 6, 2015

U.S. Department of Energy Washington, D.C. ORDER DOE O 221.1A Approved: SUBJECT: REPORTING FRAUD, WASTE AND ABUSE TO THE OFFICE OF INSPECTOR GENERAL 1. PURPOSE. To establish requirements and responsibilities

UNDER SECRETARY OF DEFENSE 5000 DEFENSE PENTAGON WASHINGTON, DC 20301-5000 INTELLIGENCE July 8, 2013 MEMORANDUM FOR SECRETARIES OF THE MILITARY DEPARTMENTS CHAIRMAN OF THE JOINT CHIEFS OF STAFF UNDER SECRETARIES

MEMORANDUM OF AGREEMENT BETWEEN FACILITIES, SECURITY AND CONTRACTING, THE PERSONNEL SECURITY APPEALS BOARD, AND THE OFFICE OF THE INSPECTOR GENERAL, U.S. OFFICE OF PERSONNEL MANAGEMENT ON ROLES AND RESPONSIBILITIES

GC GUIDANCE ON INHERENTLY GOVERNMENTAL FUNCTIONS Federal law prohibits contractors from performing inherently governmental functions. But determining which functions may be performed by contractors and

United States Department of Agriculture Office of Inspector General U.S. Department of Agriculture s Office of Homeland Security and Emergency Coordination - Classification Management Audit Report 61701-0001-32

Department of Defense DIRECTIVE NUMBER 5105.77 October 30, 2015 DCMO SUBJECT: National Guard Bureau (NGB) References: See Enclosure 1 1. PURPOSE. Pursuant to the authority vested in the Secretary of Defense

Department of Defense DIRECTIVE NUMBER 5105.36 February 28, 2002 Certified Current as of November 21, 2003 SUBJECT: Defense Contract Audit Agency (DCAA) DA&M References: (a) Title 10, United States Code

Department of Homeland Security Review of Costs Invoiced by the City of San Antonio Relating to the San Antonio International Airport Terminal B Checked Baggage Screening Project Under Other Transaction

Evaluation and Inspection Division Federal Bureau of Investigation s Integrity and Compliance Program November 2011 I-2012-001 EXECUTIVE DIGEST In June 2007, the Federal Bureau of Investigation (FBI) established

Privacy Impact Assessment Of the Office of Inspector General Information Technology Infrastructure Systems Program or application name: Office of Inspector General Information Technology Infrastructure

Department of Homeland Security Office of Inspector General Review of the Department of Homeland Security s Master List of Recovery Act Contracts and Grants American Recovery and Reinvestment Act of 2009

The City of Atlanta, Georgia, Effectively Managed FEMA Public Assistance Grant Funds Awarded for Severe Storms and Flooding in September 2009 May 19, 2015 DHS OIG HIGHLIGHTS The City of Atlanta, Georgia,

Actions Taken by the Federal Emergency Management Agency in Response to an Allegation Concerning the Application for a Station Construction Grant Submitted by the University City, Missouri, Fire Department

Work Plan ongoing and planned audit and evaluation projects Current as of June 5, 2015 Overview The Work Plan presents the audits and evaluations that the Office of Inspector General (OIG) is conducting

OFFICE OF THE INSPECTOR GENERAL AUDIT PLAN FISCAL YEAR 2016 INTRODUCTION I am pleased to present the fiscal year 2016 audit plan, which communicates the Office of the Inspector General s (OIG) priorities

H. R. 2458 48 (1) maximize the degree to which unclassified geographic information from various sources can be made electronically compatible and accessible; and (2) promote the development of interoperable

STATEMENT OF J. RICHARD BERMAN ASSISTANT INSPECTOR GENERAL FOR AUDITS OFFICE OF INSPECTOR GENERAL U. S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE SELECT COMMITTEE ON HOMELAND SECURITY U. S. HOUSE OF REPRESENTATIVES

Standards of Conduct It is the policy of Security Health Plan that all its business be conducted honestly, ethically, and with integrity. Security Health Plan s relationships with members, hospitals, clinics,

THE FCA INSPECTOR GENERAL: A COMMITMENT TO PUBLIC SERVICE FORWARD I am pleased to introduce the mission and authorities of the Office of Inspector General for the Farm Credit Administration. I hope this

Statement of Deputy Inspector General Sandra D. Bruce U.S. Department of Education Before the Committee on Oversight and Government Reform and the United States House of Representatives February 2, 2016

Department of Health and Human Services OFFICE OF INSPECTOR GENERAL CMS DID NOT ALWAYS MANAGE AND OVERSEE CONTRACTOR PERFORMANCE FOR THE FEDERAL MARKETPLACE AS REQUIRED BY FEDERAL REQUIREMENTS AND CONTRACT

1 Purpose The DOE M 470.4-4A, Information Security Manual states, All information security programs, practices, and procedures developed within DOE must be consistent with and incorporate the requirements

CONSOLIDATED RECORDS MANAGEMENT SYSTEM (CRMS) USER AGREEMENT I. PURPOSE STATEMENT The TENNESSEE FUSION CENTER (TFC) is an initiative of the Tennessee Bureau of Investigation (TBI) and the Department of

Department of Homeland Security Office of Inspector General FLETC Leases for Dormitories 1 and 3 OIG-10-02 October 2009 Office of Inspector General U.S. Department of Homeland Security Washington, DC 20528

Legislative Language SEC. 1. COORDINATION OF FEDERAL INFORMATION SECURITY POLICY. (a) IN GENERAL. Chapter 35 of title 44, United States Code, is amended by striking subchapters II and III and inserting

CHAPTER 1 COMPUTER SECURITY INCIDENT RESPONSE TEAM (CSIRT) PURPOSE: The purpose of this procedure is to establish the roles, responsibilities, and communication procedures for the Computer Security Incident

DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Review of DHS Security Controls for Portable Storage Devices OIG-08-95 September 2008 Office of Inspector General U.S. Department of Homeland

Department of Health and Human Services OFFICE OF INSPECTOR GENERAL THE INFORMATION TECHNOLOGY INFRASTRUCTURE AND OPERATIONS OFFICE HAD INADEQUATE INFORMATION SECURITY CONTROLS Inquires about this report

DEPARTMENT OF HEALTH SERVICES Division of Enterprise Services F-00714 (08/2013) STATE OF WISCONSIN BUSINESS ASSOCIATE AGREEMENT Tribal Contract This Business Associate Agreement is made between the Wisconsin

U.S. DEPARTMENT OF COMMERCE Office of Inspector General United States Patent and Trademark Office USPTO Needs Strong Office of Human Resources Management Capable of Addressing Current and Future Challenges

OFFICE OF THE INSPECTOR GENERAL SOCIAL SECURITY ADMINISTRATION CONTRACTOR SECURITY OF THE SOCIAL SECURITY ADMINISTRATION S HOMELAND SECURITY PRESIDENTIAL DIRECTIVE 12 CREDENTIALS June 2012 A-14-11-11106

VA Office of Inspector General OFFICE OF AUDITS & EVALUATIONS Department of Veterans Affairs Audit of VA s Data Quality Review Process under the American Recovery and Reinvestment Act of 2009 October 30,

PUBLIC LAW 113 283 DEC. 18, 2014 128 STAT. 3073 Public Law 113 283 113th Congress An Act To amend chapter 35 of title 44, United States Code, to provide for reform to Federal information security. Be it

VA Office of Inspector General OFFICE OF AUDITS AND EVALUATIONS Veterans Health Administration Audit of the Community Nursing Home Program March 29, 2013 11-00331-160 ACRONYMS AND ABBREVIATIONS CMS GEC

Department of Homeland Security Office of Inspector General Special Review of the Science and Technology Directorate s Contracts with a Small Business (Summary) OIG-10-103 July 2010 Office of Inspector

Department of Homeland Security Insurance Allocations to FEMA Public Assistance Grant Funds Awarded to the Administrators of the Tulane Educational Fund, New Orleans, Louisiana DD-12-10 April 2012 Office

2IÀFHRI,QVSHFWRU*HQHUDO FEMA s Efforts To Collect a $23.1 Million Debt from the State of Louisiana Should Have Been More Aggressive OIG-14-134-D September 2014 Washington, DC 20528 / www.oig.dhs.gov September

2IÀFHRI,QVSHFWRU*HQHUDO FEMA Should Recover $8.0 Million of $26.6 Million in Public Assistance Grant Funds Awarded to St. Stanislaus College Preparatory in Mississippi Hurricane Katrina OIG-14-95-D May

SEPTEMBER 16, 2010 AUDIT REPORT OFFICE OF AUDITS REVIEW OF NASA S MANAGEMENT AND OVERSIGHT OF ITS INFORMATION TECHNOLOGY SECURITY PROGRAM OFFICE OF INSPECTOR GENERAL National Aeronautics and Space Administration

Compliance Program and HIPAA Training For First Tier, Downstream and Related Entities 09/2011 Training Goals In this training you will gain an understanding of: Our Compliance Program elements Pertinent

Lawrence County Engineer, Ohio, Generally Accounted For and Expended FEMA Grant Funds Properly June 25, 2015 OIG-15-110-D June 25, 2015 Why We Did This Lawrence County Engineer, Ohio (Lawrence), received

Department of Health and Human Services OFFICE OF INSPECTOR GENERAL NOT ALL COMMUNITY SERVICES BLOCK GRANT RECOVERY ACT COSTS CLAIMED ON BEHALF OF THE COMMUNITY ACTION PARTNERSHIP OF NATRONA COUNTY FOR

The United States Secret Service Has Adequate Oversight and Management of its Acquisitions (Revised) February 10, 2015 OIG-15-21 HIGHLIGHTS The United States Secret Service Has Adequate Oversight and Management

Corrected SESSION OF 2007 SUPPLEMENTAL NOTE ON SUBSTITUTE FOR SENATE BILL NO. 11 As Amended by House Committee of the W hole Brief* Sub. for SB 11, as amended by the House Committee of the Whole, would